Documenting GTA-SA memory addresses


JernejL

anybody know where the address is that checks if you are in the water?

cause i want to add something for my trainer, that you can swim in the air.

 

[edit]

k ... did not find what i wanted ... but the opposite:

6c2756

if you change this location into:

b0 00 90 90 90 90 (mov al,0)

 

you can walk under water (unfortunately ... it does not work the other way(you can not set it to 1 to swim in air))

[/edit]

 

[edit]

also found another location ... if you set:

 

code :00681b0d - 74 44 - je 00681b53

to:

code :00681b0d - EB 44 - jmp 00681b53

 

then jumping is disabled ...

(no idea if this is useful for somebody ...)

[/edit]

thanks CrazyT, btw:

 

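/* requires <windows.h> and <string.h> */

/* Fill `bytes` bytes at `address` with the value `type`, making the page writable first. */
void patch_(PVOID address, int type, int bytes)
{
    DWORD d, ds;
    VirtualProtect(address, bytes, PAGE_EXECUTE_READWRITE, &d);
    memset(address, type, bytes);
    VirtualProtect(address, bytes, d, &ds);   /* restore the previous page protection */
}

void WalkWat(bool on)
{
    if (on == true) {
        patch_((PVOID)0x6C2759, 0x01, 1);
    } else {
        patch_((PVOID)0x6C2759, 0x00, 1);
    }
}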

 

 

on = you can Walk/Drive/Fly under water

off = restore it

Link to comment
Share on other sites

thx ... but i already knew that.

the problem is that i still found no way to set swim-mode over the water.

whatever ... i found a new address:

 

0xc97c28 = lpd3ddevice

 

on that address the prog saves the directxdevice.

(normally created by:

lpd3d:=Direct3DCreate9(D3D_SDK_VERSION);
lpd3d.CreateDevice(D3DADAPTER_DEFAULT,
                   D3DDEVTYPE_HAL,
                   Handle,
                   vp,
                   d3dpp,
                   lpd3ddevice);

as example)

 

so you can directly draw things on the directxwindow.

well the best thing to do is to hook the present-command of the device, that is how i did it.

maybe i will upload an example source later.

 

you can get the device in Delphi with:

lpd3ddevice := IDirect3DDevice9(Pointer($c97c28)^);

Link to comment
Share on other sites

i guess you did not understand my last post ... very sad.

Well btw. it did not have anything to do with the thing i firstly wanted (flying in the sky with swim animation).

With this dx-object you can directly create own objects into the gta-world.

(only problem that might exist is, that they have no collision data and no physics)

Don't know how you would get the address with GetProcAddress cause you only can get library-functions with that -_-'

Link to comment
Share on other sites

004571e8 - start of function having to do with how much money to ped drops (read only, this is only after they are dead and dropped the money)

Edited by {0x90, 0x90};
Link to comment
Share on other sites

Hi guyz, i need a little help but my english is not good. I need to disable the new game title in the main menu, what must i modify??? (i am working in hiew).

I need this for multiplayer, because i deleted unneeded files (single player, for more hard drive space)

Thanx for the answer guyz

Link to comment
Share on other sites

did not understand you, sorry.

btw, have some new addresses:

0055555E E8 7D751D00 call gta_sa.0072CAE0 -> ""(draw with normal textures)

00555664 |. E8 77741D00 call gta_sa.0072CAE0 -> ""(draw with low textures)

 

if you nop the functions on that locations you will nearly see an empty area, so i guess that is the function that is important for drawing the scene.

found it by trying to find a way to insert own objects dynamically.

 

Link to comment
Share on other sites

> did not understand you, sorry.
>
> btw, have some new addresses:
>
> 0055555E E8 7D751D00 call gta_sa.0072CAE0 -> ""(draw with normal textures)
>
> 00555664 |. E8 77741D00 call gta_sa.0072CAE0 -> ""(draw with low textures)
>
> if you nop the functions on that locations you will nearly see an empty area, so i guess that is the function that is important for drawing the scene.
>
> found it by trying to find a way to insert own objects dynamically.

I must disable (or erase) the "New Game" title in game, i can modify the exe file (gta_sa.exe) but i must know where the address is located, do you know this address??

 

Link to comment
Share on other sites

CPed +0x584 = Current Entity you are in contact with [DWORD] = ptr to _ANYTHING_ you are standing on.

 

= [map object data?]

 

 

struct object_instance
{
    void     *some_pointer;  /* pointer to the actual 3d model data perhaps? */
    float    origin[3];      /* 3d coordinates */
    uint32_t unknown1;       /* always 0x80? (could be a float, actually...) */
    float    *matrix;        /* direct3d transformation matrix (16 floats) */
    void     *unknown1b;     /* could be a pointer... */
    uint32_t unknown2[3];
    void     *unknown3;      /* pointer to something */
    uint32_t timer;
    uint32_t unknown4[2];
    /* teh end */
};

 

Link to comment
Share on other sites

@OnanManiak:

005798E2 C74424 24 00000000 mov dword ptr ss:[esp+24], 0

 

change that into:

 

005798E2 C74424 24 01000000 mov dword ptr ss:[esp+24], 1

 

although i still do not know why you want to disable to start a new game.

 

[edit]

hmm ... well this makes the option invisible ... but you can click on it.

also this method deletes the continue-option and maybe other options.

Maybe there exists a better way, but did not find one till now

Maybe you can just replace the "FEP_STG" with another text in gta_sa.exe cause that is the reference to the text ... but that would just replace the text.

[/edit]

Edited by CrazyT
Link to comment
Share on other sites

> @OnanManiak:
>
> 005798E2 C74424 24 00000000 mov dword ptr ss:[esp+24], 0
>
> change that into:
>
> 005798E2 C74424 24 01000000 mov dword ptr ss:[esp+24], 1
>
> although i still do not know why you want to disable to start a new game.
>
> [edit]
>
> hmm ... well this makes the option invisible ... but you can click on it.
>
> also this method deletes the continue-option and maybe other options.
>
> Maybe there exists a better way, but did not find one till now
>
> Maybe you can just replace the "FEP_STG" with another text in gta_sa.exe cause that is the reference to the text ... but that would just replace the text.
>
> [/edit]

I need to disable this because i made a multiplayer version of sa. I deleted unneeded files, but if i click on new game, the game will crash.

I start the game with the multiplayer client, not gta_sa.exe

Thanx man i will try it.

 

Link to comment
Share on other sites

Hmm i don't know how i can modify this value, i am using hiew and i see this:

 

user posted image

 

i can only modify second column

Link to comment
Share on other sites

somebody should delete this doublepost

 

Well ... you try to make a multiplayergame?

But there are already such mods available for gta.

(Btw. changing the exe itself is normally not allowed i think.)

Whatever i can tell you how to change it in hview.

i guess this does not really fit into the topic of this whole thread but i will answer you:

you see on bottom the menupoints you have:

3 Edit means that you must press f3 to edit the code on the position.

After that there should appear a new menu that allows you to edit the asmcode.

(can't remember what key you must press)

well then you can edit it.

But like i said before ... my version to fix the menu does not really work.

(you can still click on the invisible item and other menuitems do disappear,too)

Link to comment
Share on other sites

> somebody should delete this double post

It was actually 3 posts, and they're normally not deleted. And they're more than likely due to the server errors we're having anyway.

Link to comment
Share on other sites

heh ... i already recognized that the server sometimes does not have the best performance.

found some new address:

 

on:

B99EB8 starts an array of pointers.

those pointers lead to other arrays of pointers.

those pointers lead to a dword followed by the x,y,z coordinates of objects.

well those coordinates seem to be readonly for some reason.

i tried to set them, but with no luck. (the object/building still keeps its place).

btw. found that offset on that location:

00554B54 . 8D1495 B89EB9>lea edx, dword ptr ds:[edx*4+B99EB8]

just in case that you maybe find out more.

also i wonder about the dword ... can be a type definition, but the rotation matrix would be missing then hmm.

maybe that map of arrays is just used for another thing, but don't know for what.

 

[EDIT]

k,thx {0x90, 0x90}; ... i found an array of the objects where you can change the position.(maybe only collisiondata or something like that ... for some reason low quality textures keep in place if you move the object)

 

B75898 is the array of pointers to an objectstructure that {0x90, 0x90}; already described.

[/EDIT]

[EDIT]

tested and tested ... and found out that it is only collisiondata.

the strange thing is that the position of the object changes in memory although it does not change position.

(maybe it is relative to something? maybe to the player? don't know)

[/EDIT]

[/EDIT]

Edited by CrazyT
Link to comment
Share on other sites

Hmm, it seems like all objects (peds, vehicles, buildings...) share the same base structure.

 

They all start with something that looks like a valid pointer (which probably defines the object type)...

Followed by 3 floats (coordinates, 0x0x0 for peds)

A pointer to a transformation matrix at offset +20.

A timer at offset +44...

 

Edit: Interior ID at +47?

 

Edit: Added interior ID to my struct. (If you change it, the building is "teleported" to the set interior ID.)

 

 

struct building
{
    void     *some_pointer;  /* data type identifier? (it's the same for all building objects).. but it's also a valid pointer */
    float    origin[3];      /* 3d coordinates */
    uint32_t unknown1;       /* always 0x80? (could be a float...) */
    float    *matrix;        /* pointer to a direct3d transformation matrix (16 floats) */
    void     *unknown2;      /* pointer to (unknown) 3d stuff */
    uint32_t unknown3[3];
    void     *unknown4;      /* pointer to something */
    uint16_t timer;
    uint8_t  unknown5;
    uint8_t  interior_id;    /* interior ID */
    void     *building;      /* pointer to another building object (don't know why) */
    uint32_t unknown6;
    /* teh end */
};

 

 

One reason why the building positions do not change, might be because they've already been "uploaded" to Direct3D. I know almost nothing about Direct3D, but OpenGL has something called "display lists", where you can store pretty much anything... including positions, etc.

Edited by {0x90, 0x90};
Link to comment
Share on other sites

Finally!

While working on a hunter / hydra mod, I (finally!) found the addresses of the rockets launched by the hunter and hydra.

 

0xC891A8 is the rocket pool start. Each slot has 0x24 (36) bytes of data.

+0x00 - [DWORD] 19 for non-heatseeking rockets, 20 for heatseeking, 58 for flares

+0x04 - [DWORD] pointer to launching vehicle

+0x08 - [DWORD] pointer to target vehicle (when heatseeking), 0 otherwise

+0x0C - Unknown

+0x10 - [byte] 1 = rocket travelling, 0 = rocket exploded / does not exist

+0x11 - Unknown

+0x14 - [Float] is the X position

+0x18 - [Float] is the Y position

+0x1C - [Float] is the Z position

+0x20 - Unknown

 

Max number of elements in the pool is 32.

Please confirm those addresses...

Hope i've helped!

Edited by DEagle50AE
Link to comment
Share on other sites
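
The slot layout listed in the post above, written as a decoder over a raw dump of the pool. This is an added example, not code from the thread: the field names, `sample_pool` and the pointer values in its bytes are constructed, and pointers are read as 32-bit values because the addresses in this thread are 32-bit.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define SLOT_SIZE 0x24  /* bytes per slot, from the post */
#define MAX_SLOTS 32    /* pool capacity, from the post */
/* Decoded slot. Field names are assumptions; offsets are from the post. */
typedef struct {
    uint32_t type;     /* +0x00: 19 plain, 20 heatseeking, 58 flare */
    uint32_t launcher; /* +0x04: 32-bit pointer to launching vehicle */
    uint32_t target;   /* +0x08: 32-bit pointer to target, 0 if none */
    uint8_t  active;   /* +0x10: 1 = travelling, 0 = exploded/empty */
    float    pos[3];   /* +0x14 X, +0x18 Y, +0x1C Z */
} rocket_slot;

static uint32_t rd_u32(const uint8_t *p) {  /* little-endian, as on x86 */
    return p[0] | (uint32_t)p[1] << 8 | (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}
static float rd_f32(const uint8_t *p) {
    uint32_t v = rd_u32(p); float f; memcpy(&f, &v, sizeof f); return f;
}

/* Decode slot idx from a raw dump; -1 if idx or the dump length is out of range. */
int rocket_decode(const uint8_t *pool, size_t len, unsigned idx, rocket_slot *out) {
    size_t off = (size_t)idx * SLOT_SIZE;
    if (idx >= MAX_SLOTS || len < off + SLOT_SIZE) return -1;
    const uint8_t *s = pool + off;
    out->type = rd_u32(s);          out->launcher = rd_u32(s + 0x04);
    out->target = rd_u32(s + 0x08); out->active = s[0x10];
    for (int i = 0; i < 3; i++) out->pos[i] = rd_f32(s + 0x14 + 4 * i);
    return 0;
}

/* Count slots whose +0x10 flag says the rocket is still travelling. */
int rocket_count_active(const uint8_t *pool, size_t len) {
    rocket_slot r; int n = 0;
    for (unsigned i = 0; rocket_decode(pool, len, i, &r) == 0; i++) n += (r.active == 1);
    return n;
}

/* Constructed sample: slot 0 empty, slot 1 an in-flight heatseeking rocket. */
size_t sample_pool(uint8_t *buf) {
    static const uint8_t slot1[SLOT_SIZE] = {
        0x14,0,0,0,  0x00,0x10,0xB7,0x00,  0x00,0x20,0xB7,0x00,  0,0,0,0,
        0x01,0,0,0,  0x00,0x00,0xC8,0x42,  0x00,0x00,0x4A,0xC2,  0x00,0x00,0x44,0x41,
        0,0,0,0 };
    memset(buf, 0, 2 * SLOT_SIZE);
    memcpy(buf + SLOT_SIZE, slot1, SLOT_SIZE);
    return 2 * SLOT_SIZE;
}

int main(void) {
    uint8_t buf[2 * SLOT_SIZE]; rocket_slot r;
    size_t n = sample_pool(buf);
    if (rocket_decode(buf, n, 1, &r) == 0)
        printf("type=%u pos=(%.2f, %.2f, %.2f) in flight=%d\n", (unsigned)r.type,
               r.pos[0], r.pos[1], r.pos[2], rocket_count_active(buf, n));
    return 0;
}
```
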

 

> Hmm, it seems like all objects (peds, vehicles, buildings...) share the same base structure.
>
> They all start with something that looks like a valid pointer (which probably defines the object type)...
>
> Followed by 3 floats (coordinates, 0x0x0 for peds)
>
> A pointer to a transformation matrix at offset +20.
>
> A timer at offset +44...

That's something that's surprising me to see still. With all those able coders out there, no one seems to have pointed out yet that the first dword in an object of a given class holds the VMT, the virtual method table. It simply points to a table with function pointers for all methods defined on objects of this class, so you can use that too if you know the purpose and parameters of each method.

 

Alex

 

Link to comment
Share on other sites

Bypassing the 8 player limit in GTA:SA

Write the following bytes:

 

0060D64D: E9 9D 00 00 00 90

 

A function involved in the create_player process (0x005FBB70) is called twice for some odd reason. The crash occurs as a result of this duplicate call on the creation of a player index >= 8. This alteration of code forces the game to always skip the second call thus circumventing the crash. Approximately 104 players can be created.

Link to comment
Share on other sites
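
The listings in this thread (the je/jmp at 00681b0d, the two calls to 0072CAE0, the E9 patch in the post above) are x86 relative branches, whose target is the address of the next instruction plus a signed displacement. As an added example, not code from the thread, this decoder recomputes each target from the posted bytes and compares it with the target printed beside it; the `LISTINGS` table and the function names are this example's own.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Decode one relative branch located at virtual address addr. Handles only
 * the four opcodes that appear in the thread: 74 (je rel8), EB (jmp rel8),
 * E8 (call rel32), E9 (jmp rel32). Returns 0 and fills *target and *ilen,
 * or -1 for any other opcode or a truncated buffer. */
int branch_target(uint32_t addr, const uint8_t *code, size_t len,
                  uint32_t *target, size_t *ilen) {
    if (len < 1) return -1;
    switch (code[0]) {
    case 0x74: case 0xEB:
        if (len < 2) return -1;
        *ilen = 2;   /* rel8 is signed, counted from the end of the instruction */
        *target = addr + 2 + (uint32_t)(int32_t)(int8_t)code[1];
        return 0;
    case 0xE8: case 0xE9: {
        if (len < 5) return -1;
        uint32_t rel = code[1] | (uint32_t)code[2] << 8 |
                       (uint32_t)code[3] << 16 | (uint32_t)code[4] << 24;
        *ilen = 5;
        *target = addr + 5 + rel;   /* unsigned wrap equals a signed rel32 add */
        return 0;
    }
    default: return -1;
    }
}

/* Listings copied from the thread; expect is the target printed there
 * (0 where the thread gives the bytes only). */
struct listing { uint32_t addr; uint8_t bytes[6]; size_t len; uint32_t expect; };
static const struct listing LISTINGS[] = {
    { 0x00681B0D, { 0x74, 0x44 }, 2, 0x00681B53 },
    { 0x00681B0D, { 0xEB, 0x44 }, 2, 0x00681B53 },
    { 0x0055555E, { 0xE8, 0x7D, 0x75, 0x1D, 0x00 }, 5, 0x0072CAE0 },
    { 0x00555664, { 0xE8, 0x77, 0x74, 0x1D, 0x00 }, 5, 0x0072CAE0 },
    { 0x0060D64D, { 0xE9, 0x9D, 0x00, 0x00, 0x00, 0x90 }, 6, 0 },
};
#define N_LISTINGS (sizeof LISTINGS / sizeof LISTINGS[0])

/* Number of listings whose decoded target disagrees with the printed one. */
int count_mismatches(void) {
    int bad = 0;
    for (size_t i = 0; i < N_LISTINGS; i++) {
        uint32_t t; size_t n;
        if (branch_target(LISTINGS[i].addr, LISTINGS[i].bytes, LISTINGS[i].len, &t, &n) != 0 ||
            (LISTINGS[i].expect != 0 && t != LISTINGS[i].expect))
            bad++;
    }
    return bad;
}

int main(void) {
    uint32_t t; size_t n;
    branch_target(0x0060D64D, LISTINGS[4].bytes, LISTINGS[4].len, &t, &n);
    printf("mismatches=%d, E9 patch: %zu-byte jmp to %08X\n", count_mismatches(), n, (unsigned)t);
    return 0;
}
```

For the E9 patch the decoder reports a 5-byte jmp to 0060D6EF; the sixth byte, 90, is a nop.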

found a strange address: 0x858624

this one seems to morph the player somehow ...

the default value is 1.0

if you choose a bigger value the game crashes

if you choose a lower value the player gets smaller.

somehow also the driving speed and other things are influenced by that, too.

Link to comment
Share on other sites

> Finally!
>
> While working on a hunter / hydra mod, I (finally!) found the addresses of the rockets launched by the hunter and hydra.
>
> 0xC891A8 is the rocket pool start. Each slot has 0x24 (36) bytes of data.
>
> +0x00 - [DWORD] 19 for non-heatseeking rockets, 20 for heatseeking, 58 for flares
>
> +0x04 - [DWORD] pointer to launching vehicle
>
> +0x08 - [DWORD] pointer to target vehicle (when heatseeking), 0 otherwise
>
> +0x0C - Unknown
>
> +0x10 - [byte] 1 = rocket travelling, 0 = rocket exploded / does not exist
>
> +0x11 - Unknown
>
> +0x14 - [Float] is the X position
>
> +0x18 - [Float] is the Y position
>
> +0x1C - [Float] is the Z position
>
> +0x20 - Unknown
>
> Max number of elements in the pool is 32.
>
> Please confirm those addresses...
>
> Hope i've helped!

Great finding - but these appear to be read only - correct?

Link to comment
Share on other sites

 

> Great finding - but these appear to be read only - correct?

Well, the only things I've tried to set are launcher address, target address and rocket type - and it's working fine. As for the coords, I guess they're probably read-only, as you said, though I haven't tested it yet...

Link to comment
Share on other sites

Found another address, finally!

 

CVehicle + 0x22 (short) Car ID from vehicles.ide

 

Confirm this please

Edited by DEagle50AE
Link to comment
Share on other sites

> Great finding - but these appear to be read only - correct?
>
> Well, the only things I've tried to set are launcher address, target address and rocket type - and it's working fine. As for the coords, I guess they're probably read-only, as you said, though I haven't tested it yet...

Well i was trying to fire rockets from a bmx etc which wasn't working

But i only caused crashes when writing to rocket type or something only too. Will have a look at it again later.

Link to comment
Share on other sites

> Well i was trying to fire rockets from a bmx etc which wasn't working
>
> But i only caused crashes when writing to rocket type or something only too. Will have a look at it again later.

LMAO! nice idea

But I was trying to set the rocket type of an existing rocket, for example, to heatseeking or to a flare - and it worked fine. But again, those are just already existing rockets...

Link to comment
Share on other sites

  • 1 month later...

A while back I recall someone asking if SA could be run in a window. Unfortunately the search function isn't working at the moment so I can't find it or anything else related. So if this is old hat please forgive me.

 

To run SA in a 'proper' window, ie. has frame and title bar, can be moved, minimized, etc. The cursor is only available in-menu and disappears on the title bar, though it is still there and functioning. Could only get this to work at 640 x 480.

 

This code used in proxy d3d9.dll

 

 

HRESULT __stdcall myIDirect3D9::CreateDevice(UINT Adapter, D3DDEVTYPE DeviceType, HWND hFocusWindow,
    DWORD BehaviorFlags, D3DPRESENT_PARAMETERS* pPresentationParameters,
    IDirect3DDevice9** ppReturnedDeviceInterface)
{
    if (bWindowedMode)
    {
        pPresentationParameters->Windowed = 1;
        pPresentationParameters->FullScreen_RefreshRateInHz = 0;
    }
    // [Rest of code here]..
}

HRESULT myIDirect3DDevice9::Reset(D3DPRESENT_PARAMETERS* pPresentationParameters)
{
    if (bWindowedMode)
    {
        pPresentationParameters->Windowed = 1;
        pPresentationParameters->Flags = 0;
        pPresentationParameters->FullScreen_RefreshRateInHz = 0;
        pPresentationParameters->PresentationInterval = 0;
        pPresentationParameters->BackBufferFormat = D3DFMT_UNKNOWN;
        SetWindowLong(pPresentationParameters->hDeviceWindow, GWL_STYLE, WS_OVERLAPPEDWINDOW);
        SetWindowPos(hWnd, HWND_NOTOPMOST, 100, 100, pPresentationParameters->BackBufferWidth,
            pPresentationParameters->BackBufferHeight, SWP_SHOWWINDOW | SWP_DRAWFRAME);
        bWindowedMode = false;
    }
    // [Rest of code here]..
}

 

Link to comment
Share on other sites

here's a hot one:

7115B4 - stencil shadow opacity, i recommend setting it to 09 (default: 06) for results like this:

user posted image

0A is a bit lighter, 08 is a bit darker. 0, is totally and completely opaque.

 

Note that vehicles as seen with the chopper here, will become extremely ugly on their shadowed side. There must be a way to disable self-shadowing, then this would become truly useful.

Lurking..

Link to comment
Share on other sites

Is there any way to run SA at a custom res.? Such as 300x300 or even as low as 150x150(Palm Low Res)

 

Link to comment
Share on other sites
